InfoSecBulletin Cybersecurity for mankind
Platform BreachForum, bad actor perell, same person who claimed to expose the data of “Bharat Sanchar Nigam Limited” BSNL for the second time. The threat actor claimed first December-3, 2023 where he wrote “India’s 4th most popular telecommunications company has suffered a substantial data breach” and he claimed to have …
Read More »TimeLine Layout
April, 2024
-
25 April
India’s ICICI Bank exposed thousands of credit cards to ‘wrong’ users
“Our customers are our utmost priority and we are wholeheartedly dedicated to safe guarding their interests. It has come to our notice that about 17,000 new credit cards which were issued in the past few days were erroneously mapped in our digital channels to wrong users. They constitute about 0.1% …
Read More » -
25 April
CISA Releases Eight Industrial Control Systems Advisories
CISA issued eight advisories about Industrial Control Systems (ICS) on April 25, 2024. The advisories share important information about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-116-01 Multiple Vulnerabilities in Hitachi Energy RTU500 Series ICSA-24-116-02 Hitachi Energy MACH SCM ICSA-24-116-03 Siemens RUGGEDCOM APE1808 Devices Configured with Palo Alto Networks …
Read More » -
25 April
Google fixed critical Chrome vulnerability CVE-2024-4058
Google fixed a serious Chrome bug known as CVE-2024-4058 in the ANGLE graphics layer engine along with four vulnerabilities in the Chrome web browser. CVE-2024-4058 is a vulnerability in the ANGLE graphics layer engine. It allows attackers to execute arbitrary code on macOS systems. Toan Pham and Bao Pham from …
Read More » -
25 April
Hackers backdoored Cisco ASA devices via two zero-days
A Cisco customer noticed the first confirmed activity in early January 2024, but the attacks actually began in November 2023. The researchers also found evidence that indicates this capability was being tested and developed as early as July 2023. The initial access vector in this campaign – dubbed ArcaneDoor – …
Read More » -
25 April
CISA’s Secure by Design Turns 1! (VIDEO)
In April 2023, CISA kicked off our Secure by Design initiative, the agency’s effort to shift the responsibility of security from end users to technology manufacturers, in line with the National Cybersecurity Strategy. As with any major milestone, it’s useful to pause for some self-reflection over a year’s worth of …
Read More » -
24 April
ColoCity introduced hybrid cloud with Microsoft and Dell in Bangladesh
ColoCity has introduced hybrid cloud services for the first time in the country which is the integrated platform of Microsoft Azure Stack Hub and Dell Technologies to accelerate the technological expansion of the country’s business and industry to meet the goal of Smart Bangladesh. Azure Stack Hub is an extension …
Read More » -
24 April
CISA Releases Two Industrial Control Systems Advisories
CISA published two advisories about Industrial Control Systems (ICS) on April 23, 2024. The advisories give important details about security issues, vulnerabilities, and exploits related to ICS. ICSA-24-051-03 Mitsubishi Electric Electrical Discharge Machines (Update A):Â Successful exploitation of this vulnerability could allow an attacker to disclose, tamper with, destroy, or …
Read More » -
23 April
Microsoft Blog post
APT28 hackers to exploit CVE-2022-38028, Windows flaw
Microsoft Threat Intelligence released findings from their investigation on the Russian threat group known as Forest Blizzard (STRONTIUM). The group used a specialized tool to gain higher privileges and steal login information in compromised networks. Since June 2020, and maybe even since April 2019, Forest Blizzard has been using a …
Read More » -
22 April
SafeBreach security research
Experts Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
According to a new research bad actors could exploit the DOS-to-NT path conversion process to hide and impersonate files, directories, and processes, gaining rootkit-like capabilities. “When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted …
Read More »
